Diffstat (limited to 'eBones/usr.sbin/kdb_util')
-rw-r--r-- | eBones/usr.sbin/kdb_util/Makefile | 12 | ||||
-rw-r--r-- | eBones/usr.sbin/kdb_util/kdb_util.8 | 64 | ||||
-rw-r--r-- | eBones/usr.sbin/kdb_util/kdb_util.c | 523 |
3 files changed, 0 insertions, 599 deletions
diff --git a/eBones/usr.sbin/kdb_util/Makefile b/eBones/usr.sbin/kdb_util/Makefile
deleted file mode 100644
index 88368dfd33843..0000000000000
--- a/eBones/usr.sbin/kdb_util/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-# From: @(#)Makefile 5.2 (Berkeley) 2/14/91
-# $Id: Makefile,v 1.5 1995/09/14 04:09:56 gibbs Exp $
-
-PROG= kdb_util
-CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../../kdb_edit
-SRCS= kdb_util.c maketime.c
-.PATH: ${.CURDIR}/../kdb_edit
-DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES}
-LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes
-MAN8= kdb_util.8
-
-.include <bsd.prog.mk>
diff --git a/eBones/usr.sbin/kdb_util/kdb_util.8 b/eBones/usr.sbin/kdb_util/kdb_util.8
deleted file mode 100644
index 4183ef363b977..0000000000000
--- a/eBones/usr.sbin/kdb_util/kdb_util.8
+++ /dev/null
@@ -1,64 +0,0 @@
-.\" from: kdb_util.8,v 4.1 89/01/23 11:09:11 jtkohl Exp $
-.\" $Id: kdb_util.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KDB_UTIL 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kdb_util \- Kerberos key distribution center database utility
-.SH SYNOPSIS
-kdb_util
-.B operation filename
-.SH DESCRIPTION
-.I kdb_util
-allows the Kerberos key distribution center (KDC) database administrator to
-perform utility functions on the database.
-.PP
-.I Operation
-must be one of the following:
-.TP 10n
-.I load
-initializes the KDC database with the records described by the
-text contained in the file
-.IR filename .
-Any existing database is overwritten.
-.TP
-.I dump
-dumps the KDC database into a text representation in the file
-.IR filename .
-.TP
-.I slave_dump
-performs a database dump like the
-.I dump
-operation, and additionally creates a semaphore file signalling the
-propagation software that an update is available for distribution to
-slave KDC databases.
-.TP
-.I new_master_key
-prompts for the old and new master key strings, and then dumps the KDC
-database into a text representation in the file
-.IR filename .
-The keys in the text representation are encrypted in the new master key.
-.TP
-.I convert_old_db
-prompts for the master key string, and then dumps the KDC database into
-a text representation in the file
-.IR filename .
-The existing database is assumed to be encrypted using the old format
-(encrypted by the key schedule of the master key); the dumped database
-is encrypted using the new format (encrypted directly with master key).
-.PP
-.SH DIAGNOSTICS
-.TP 20n
-"verify_master_key: Invalid master key, does not match database."
-The master key string entered was incorrect.
-.SH FILES
-.TP 20n
-/etc/kerberosIV/principal.db
-DBM file containing database
-.TP
-.IR filename .dump_ok
-semaphore file created by
-.IR slave_dump.
diff --git a/eBones/usr.sbin/kdb_util/kdb_util.c b/eBones/usr.sbin/kdb_util/kdb_util.c
deleted file mode 100644
index 5dbe509e1afe2..0000000000000
--- a/eBones/usr.sbin/kdb_util/kdb_util.c
+++ /dev/null
@@ -1,523 +0,0 @@
-/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * Kerberos database manipulation utility. This program allows you to
- * dump a kerberos database to an ascii readable file and load this
- * file into the database. Read locking of the database is done during a
- * dump operation. NO LOCKING is done during a load operation. Loads
- * should happen with other processes shutdown.
- *
- * Written July 9, 1987 by Jeffrey I. Schiller
- *
- * from: kdb_util.c,v 4.4 90/01/09 15:57:20 raeburn Exp $
- * $Id: kdb_util.c,v 1.5 1995/08/03 17:15:57 mark Exp $
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id: kdb_util.c,v 1.5 1995/08/03 17:15:57 mark Exp $";
-#endif lint
-#endif
-
-#include <errno.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <time.h>
-#include <strings.h>
-#include <des.h>
-#include <krb.h>
-#include <sys/file.h>
-#include <krb_db.h>
-
-#define TRUE 1
-
-Principal aprinc;
-
-static des_cblock master_key, new_master_key;
-static des_key_schedule master_key_schedule, new_master_key_schedule;
-
-#define zaptime(foo) bzero((char *)(foo), sizeof(*(foo)))
-
-char * progname;
-
-void convert_old_format_db (char *db_file, FILE *out);
-void convert_new_master_key (char *db_file, FILE *out);
-void update_ok_file (char *file_name);
-void print_time(FILE *file, unsigned long timeval);
-void load_db (char *db_file, FILE *input_file);
-int dump_db (char *db_file, FILE *output_file, void (*cv_key)());
-
-int
-main(argc, argv)
- int argc;
- char **argv;
-{
- FILE *file;
- enum {
- OP_LOAD,
- OP_DUMP,
- OP_SLAVE_DUMP,
- OP_NEW_MASTER,
- OP_CONVERT_OLD_DB,
- } op;
- char *file_name;
- char *prog = argv[0];
- char *db_name;
-
- progname = prog;
-
- if (argc != 3 && argc != 4) {
- fprintf(stderr, "Usage: %s operation file-name [database name].\n",
- argv[0]);
- exit(1);
- }
- if (argc == 3)
- db_name = DBM_FILE;
- else
- db_name = argv[3];
-
- if (kerb_db_set_name (db_name) != 0) {
- perror("Can't open database");
- exit(1);
- }
-
- if (!strcmp(argv[1], "load"))
- op = OP_LOAD;
- else if (!strcmp(argv[1], "dump"))
- op = OP_DUMP;
- else if (!strcmp(argv[1], "slave_dump"))
- op = OP_SLAVE_DUMP;
- else if (!strcmp(argv[1], "new_master_key"))
- op = OP_NEW_MASTER;
- else if (!strcmp(argv[1], "convert_old_db"))
- op = OP_CONVERT_OLD_DB;
- else {
- fprintf(stderr,
- "%s: %s is an invalid operation.\n", prog, argv[1]);
- fprintf(stderr,
- "%s: Valid operations are \"dump\", \"slave_dump\",", argv[0]);
- fprintf(stderr,
- "\"load\", \"new_master_key\", and \"convert_old_db\".\n");
- exit(1);
- }
-
- file_name = argv[2];
- file = fopen(file_name, op == OP_LOAD ? "r" : "w");
- if (file == NULL) {
- fprintf(stderr, "%s: Unable to open %s\n", prog, argv[2]);
- (void) fflush(stderr);
- perror("open");
- exit(1);
- }
-
- switch (op) {
- case OP_DUMP:
- if ((dump_db (db_name, file, (void (*)()) 0) == EOF) ||
- (fclose(file) == EOF)) {
- fprintf(stderr, "error on file %s:", file_name);
- perror("");
- exit(1);
- }
- break;
- case OP_SLAVE_DUMP:
- if ((dump_db (db_name, file, (void (*)()) 0) == EOF) ||
- (fclose(file) == EOF)) {
- fprintf(stderr, "error on file %s:", file_name);
- perror("");
- exit(1);
- }
- update_ok_file (file_name);
- break;
- case OP_LOAD:
- load_db (db_name, file);
- break;
- case OP_NEW_MASTER:
- convert_new_master_key (db_name, file);
- printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
- break;
- case OP_CONVERT_OLD_DB:
- convert_old_format_db (db_name, file);
- printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
- break;
- }
- exit(0);
- }
-
-void
-clear_secrets ()
-{
- bzero((char *)master_key, sizeof (des_cblock));
- bzero((char *)master_key_schedule, sizeof (Key_schedule));
- bzero((char *)new_master_key, sizeof (des_cblock));
- bzero((char *)new_master_key_schedule, sizeof (Key_schedule));
-}
-
-/* cv_key is a procedure which takes a principle and changes its key,
- either for a new method of encrypting the keys, or a new master key.
- if cv_key is null no transformation of key is done (other than net byte
- order). */
-
-struct callback_args {
- void (*cv_key)();
- FILE *output_file;
-};
-
-static int dump_db_1(arg, principal)
- char *arg;
- Principal *principal;
-{ /* replace null strings with "*" */
- struct callback_args *a = (struct callback_args *)arg;
-
- if (principal->instance[0] == '\0') {
- principal->instance[0] = '*';
- principal->instance[1] = '\0';
- }
- if (principal->mod_name[0] == '\0') {
- principal->mod_name[0] = '*';
- principal->mod_name[1] = '\0';
- }
- if (principal->mod_instance[0] == '\0') {
- principal->mod_instance[0] = '*';
- principal->mod_instance[1] = '\0';
- }
- if (a->cv_key != NULL) {
- (*a->cv_key) (principal);
- }
- fprintf(a->output_file, "%s %s %d %d %d %d %lx %lx",
- principal->name,
- principal->instance,
- principal->max_life,
- principal->kdc_key_ver,
- principal->key_version,
- principal->attributes,
- htonl (principal->key_low),
- htonl (principal->key_high));
- print_time(a->output_file, principal->exp_date);
- print_time(a->output_file, principal->mod_date);
- fprintf(a->output_file, " %s %s\n",
- principal->mod_name,
- principal->mod_instance);
- return 0;
-}
-
-int
-dump_db (db_file, output_file, cv_key)
- char *db_file;
- FILE *output_file;
- void (*cv_key)();
-{
- struct callback_args a;
-
- a.cv_key = cv_key;
- a.output_file = output_file;
-
- kerb_db_iterate (dump_db_1, (char *)&a);
- return fflush(output_file);
-}
-
-void
-load_db (db_file, input_file)
- char *db_file;
- FILE *input_file;
-{
- char exp_date_str[50];
- char mod_date_str[50];
- int temp1, temp2, temp3;
- long time_explode();
- int code;
- char *temp_db_file;
- temp1 = strlen(db_file)+2;
- temp_db_file = malloc (temp1);
- strcpy(temp_db_file, db_file);
- strcat(temp_db_file, "~");
-
- /* Create the database */
- if ((code = kerb_db_create(temp_db_file)) != 0) {
- fprintf(stderr, "Couldn't create temp database %s: %s\n",
- temp_db_file, sys_errlist[code]);
- exit(1);
- }
- kerb_db_set_name(temp_db_file);
- for (;;) { /* explicit break on eof from fscanf */
- bzero((char *)&aprinc, sizeof(aprinc));
- if (fscanf(input_file,
- "%s %s %d %d %d %hd %lx %lx %s %s %s %s\n",
- aprinc.name,
- aprinc.instance,
- &temp1,
- &temp2,
- &temp3,
- &aprinc.attributes,
- &aprinc.key_low,
- &aprinc.key_high,
- exp_date_str,
- mod_date_str,
- aprinc.mod_name,
- aprinc.mod_instance) == EOF)
- break;
- aprinc.key_low = ntohl (aprinc.key_low);
- aprinc.key_high = ntohl (aprinc.key_high);
- aprinc.max_life = (unsigned char) temp1;
- aprinc.kdc_key_ver = (unsigned char) temp2;
- aprinc.key_version = (unsigned char) temp3;
- aprinc.exp_date = time_explode(exp_date_str);
- aprinc.mod_date = time_explode(mod_date_str);
- if (aprinc.instance[0] == '*')
- aprinc.instance[0] = '\0';
- if (aprinc.mod_name[0] == '*')
- aprinc.mod_name[0] = '\0';
- if (aprinc.mod_instance[0] == '*')
- aprinc.mod_instance[0] = '\0';
- if (kerb_db_put_principal(&aprinc, 1) != 1) {
- fprintf(stderr, "Couldn't store %s.%s: %s; load aborted\n",
- aprinc.name, aprinc.instance,
- sys_errlist[errno]);
- exit(1);
- };
- }
- if ((code = kerb_db_rename(temp_db_file, db_file)) != 0)
- perror("database rename failed");
- (void) fclose(input_file);
- free(temp_db_file);
-}
-
-void
-print_time(file, timeval)
- FILE *file;
- unsigned long timeval;
-{
- struct tm *tm;
- struct tm *gmtime();
- tm = gmtime((long *)&timeval);
- fprintf(file, " %04d%02d%02d%02d%02d",
- tm->tm_year < 1900 ? tm->tm_year + 1900: tm->tm_year,
- tm->tm_mon + 1,
- tm->tm_mday,
- tm->tm_hour,
- tm->tm_min);
-}
-
-/*ARGSUSED*/
-void
-update_ok_file (file_name)
- char *file_name;
-{
- /* handle slave locking/failure stuff */
- char *file_ok;
- int fd;
- static char ok[]=".dump_ok";
-
- if ((file_ok = (char *)malloc(strlen(file_name) + strlen(ok) + 1))
- == NULL) {
- fprintf(stderr, "kdb_util: out of memory.\n");
- (void) fflush (stderr);
- perror ("malloc");
- exit (1);
- }
- strcpy(file_ok, file_name);
- strcat(file_ok, ok);
- if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0400)) < 0) {
- fprintf(stderr, "Error creating 'ok' file, '%s'", file_ok);
- perror("");
- (void) fflush (stderr);
- exit (1);
- }
- free(file_ok);
- close(fd);
-}
-
-void
-convert_key_new_master (p)
- Principal *p;
-{
- des_cblock key;
-
- /* leave null keys alone */
- if ((p->key_low == 0) && (p->key_high == 0)) return;
-
- /* move current key to des_cblock for encryption, special case master key
- since that's changing */
- if ((strncmp (p->name, KERB_M_NAME, ANAME_SZ) == 0) &&
- (strncmp (p->instance, KERB_M_INST, INST_SZ) == 0)) {
- bcopy((char *)new_master_key, (char *) key, sizeof (des_cblock));
- (p->key_version)++;
- } else {
- bcopy((char *)&(p->key_low), (char *)key, 4);
- bcopy((char *)&(p->key_high), (char *) (((long *) key) + 1), 4);
- kdb_encrypt_key (key, key, master_key, master_key_schedule, DECRYPT);
- }
-
- kdb_encrypt_key (key, key, new_master_key, new_master_key_schedule, ENCRYPT);
-
- bcopy((char *)key, (char *)&(p->key_low), 4);
- bcopy((char *)(((long *) key) + 1), (char *)&(p->key_high), 4);
- bzero((char *)key, sizeof (key)); /* a little paranoia ... */
-
- (p->kdc_key_ver)++;
-}
-
-void
-convert_new_master_key (db_file, out)
- char *db_file;
- FILE *out;
-{
-
- printf ("\n\nEnter the CURRENT master key.");
- if (kdb_get_master_key (TRUE, master_key, master_key_schedule) != 0) {
- fprintf (stderr, "get_master_key: Couldn't get master key.\n");
- clear_secrets ();
- exit (-1);
- }
-
- if (kdb_verify_master_key (master_key, master_key_schedule, stderr) < 0) {
- clear_secrets ();
- exit (-1);
- }
-
- printf ("\n\nNow enter the NEW master key. Do not forget it!!");
- if (kdb_get_master_key (TRUE, new_master_key, new_master_key_schedule) != 0) {
- fprintf (stderr, "get_master_key: Couldn't get new master key.\n");
- clear_secrets ();
- exit (-1);
- }
-
- dump_db (db_file, out, convert_key_new_master);
-}
-
-void
-convert_key_old_db (p)
- Principal *p;
-{
- des_cblock key;
-
- /* leave null keys alone */
- if ((p->key_low == 0) && (p->key_high == 0)) return;
-
- bcopy((char *)&(p->key_low), (char *)key, 4);
- bcopy((char *)&(p->key_high), (char *)(((long *) key) + 1), 4);
-
-#ifndef NOENCRYPTION
- des_pcbc_encrypt((des_cblock *)key,(des_cblock *)key,
- (long)sizeof(des_cblock),master_key_schedule,
- (des_cblock *)master_key_schedule,DECRYPT);
-#endif
-
- /* make new key, new style */
- kdb_encrypt_key (key, key, master_key, master_key_schedule, ENCRYPT);
-
- bcopy((char *)key, (char *)&(p->key_low), 4);
- bcopy((char *)(((long *) key) + 1), (char *)&(p->key_high), 4);
- bzero((char *)key, sizeof (key)); /* a little paranoia ... */
-}
-
-void
-convert_old_format_db (db_file, out)
- char *db_file;
- FILE *out;
-{
- des_cblock key_from_db;
- Principal principal_data[1];
- int n, more;
-
- if (kdb_get_master_key (TRUE, master_key, master_key_schedule) != 0L) {
- fprintf (stderr, "verify_master_key: Couldn't get master key.\n");
- clear_secrets();
- exit (-1);
- }
-
- /* can't call kdb_verify_master_key because this is an old style db */
- /* lookup the master key version */
- n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
- 1 /* only one please */, &more);
- if ((n != 1) || more) {
- fprintf(stderr, "verify_master_key: "
- "Kerberos error on master key lookup, %d found.\n",
- n);
- exit (-1);
- }
-
- /* set up the master key */
- fprintf(stderr, "Current Kerberos master key version is %d.\n",
- principal_data[0].kdc_key_ver);
-
- /*
- * now use the master key to decrypt (old style) the key in the db, had better
- * be the same!
- */
- bcopy((char *)&principal_data[0].key_low, (char *)key_from_db, 4);
- bcopy((char *)&principal_data[0].key_high,
- (char *)(((long *) key_from_db) + 1), 4);
-#ifndef NOENCRYPTION
- des_pcbc_encrypt((des_cblock *)key_from_db,(des_cblock *)key_from_db,
- (long)sizeof(key_from_db),master_key_schedule,
- (des_cblock *)master_key_schedule,DECRYPT);
-#endif
- /* the decrypted database key had better equal the master key */
- n = bcmp((char *) master_key, (char *) key_from_db,
- sizeof(master_key));
- bzero((char *)key_from_db, sizeof(key_from_db));
-
- if (n) {
- fprintf(stderr, "\n\07\07verify_master_key: Invalid master key, ");
- fprintf(stderr, "does not match database.\n");
- exit (-1);
- }
-
- fprintf(stderr, "Master key verified.\n");
- (void) fflush(stderr);
-
- dump_db (db_file, out, convert_key_old_db);
-}
-
-long
-time_explode(cp)
-register char *cp;
-{
- char wbuf[5];
- struct tm tp;
- long maketime();
- int local;
-
- zaptime(&tp); /* clear out the struct */
-
- if (strlen(cp) > 10) { /* new format */
- (void) strncpy(wbuf, cp, 4);
- wbuf[4] = 0;
- tp.tm_year = atoi(wbuf);
- cp += 4; /* step over the year */
- local = 0; /* GMT */
- } else { /* old format: local time,
- year is 2 digits, assuming 19xx */
- wbuf[0] = *cp++;
- wbuf[1] = *cp++;
- wbuf[2] = 0;
- tp.tm_year = 1900 + atoi(wbuf);
- local = 1; /* local */
- }
-
- wbuf[0] = *cp++;
- wbuf[1] = *cp++;
- wbuf[2] = 0;
- tp.tm_mon = atoi(wbuf)-1;
-
- wbuf[0] = *cp++;
- wbuf[1] = *cp++;
- tp.tm_mday = atoi(wbuf);
-
- wbuf[0] = *cp++;
- wbuf[1] = *cp++;
- tp.tm_hour = atoi(wbuf);
-
- wbuf[0] = *cp++;
- wbuf[1] = *cp++;
- tp.tm_min = atoi(wbuf);
-
-
- return(maketime(&tp, local));
-}
|